Recently, the FBI, together with authorities in several other countries, took down some key computer systems that were used to control infected computers around the globe. The infections were designed to steal usernames and passwords on the infected computers.

Those key computer systems are no doubt being rapidly replaced somewhere else in the world. As soon as they are up and running again, they will resume communications with the infected computers and unleash an attack on as many computers as they can infect, with the aim of stealing yet more usernames and passwords so that these can be used to steal your money!

What could happen to me and my computer?

Not much if you have an Apple Mac computer! This nasty will only affect Windows-Based computers (because the largest proportion of the computers in the world are running Windows). So us Apple Mac users can sit back with a smug grin on our faces 😀

What will the virus do?

If you are already infected or become infected in the future, the virus will initially (apparently) sit quietly and wait for you to log in to your bank account online. It then steals the login credentials (username and password) you use to access your account, and once the criminals have those details they can be used to empty your bank account into the criminals' bank accounts.

If this first attempt to steal money from you fails (maybe you don’t use online banking, you don’t have a bank account or you don’t have much money in your bank account), or isn’t rewarding enough for the criminals behind this (who knows what constitutes enough money), then the second phase of the virus attack will kick in (CryptoLocker virus).

This second phase will encrypt the interesting user data on your computer (spreadsheets, documents, databases, pictures, email files etc) and then throw up a Ransom Demand screen asking you to pay around $300 in order to obtain the key to decrypt your data.

If you don’t pay the ransom demand within the time indicated on the Ransom Demand screen (showing an ever reducing count-down clock), then the key that can be used to decrypt your data will be deleted and you won’t be able to recover your data unless you have a backup of your files somewhere (if you use services such as DropBox or SugarSync or any other service that syncs your files into the Cloud, then this DOESN’T constitute a proper backup).

Could I already be infected and not know it?

Yes – in the UK it is estimated that around 15,000 computers will already be infected. Worldwide, this is thought to be in the millions.

The infected computers will no doubt try to harvest email addresses from the local Windows address book / Outlook contacts and then send out an infected email to those locally harvested addresses. Those recipients, unless they have their wits about them, may think the email is genuine because it comes from someone they know, open it, open the attachment and become infected, and then the process starts again.

If you are already infected, then your Internet Service Provider (ISP) may contact you (if the rumours are true) and tell you that you are infected. IF YOU HEAR FROM YOUR ISP – DO NOT IGNORE THE WARNING!

What can I do about it?

McAfee have kindly produced a tool to scan for and remove the infection from an already infected computer and this can be downloaded here. There is no harm in downloading the tool right now and checking your machine even if your ISP doesn’t contact you, so why not err on the side of caution and check your computer anyway? This should make sure you aren’t currently infected.

Once you know you are clean, the best advice is to buy an external hard disk drive or a large capacity memory stick, back up ALL your critical personal data to the disk / memory stick, and then unplug the disk / memory stick and keep it somewhere very safe.

If the disk / memory stick is kept connected to your computer, then the data on that will also become encrypted if you subsequently become infected, so keep your backed up data completely isolated from your computer and you should be fine.

Worst case, if you do get infected after you have taken your backup, then the virus can be stopped and you can recover your data from your external disk.
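The backup-and-restore routine described above can be checked rather than trusted. The following Python script is an added example, not part of the original post: it copies a folder to the external disk, records a SHA-256 of every file, and later lists the files that have changed or gone missing so they can be restored. The layout on the disk (`data/`, `manifest.sha256`) and the function names are assumptions made for the example.

```python
import hashlib
import shutil
from pathlib import Path

MANIFEST = "manifest.sha256"  # assumed manifest file name on the backup disk

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def backup(source, dest):
    """Copy every file under source to dest/data, verify each copy, write a manifest."""
    source, dest = Path(source), Path(dest)
    manifest = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        dst = dest / "data" / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        digest = sha256_of(src)
        if sha256_of(dst) != digest:  # catch a bad copy before the disk is unplugged
            raise IOError(f"copy of {rel} does not match the original")
        manifest[rel] = digest
    (dest / MANIFEST).write_text(
        "".join(f"{d}  {r}\n" for r, d in manifest.items()), encoding="utf-8")
    return manifest

def load_manifest(dest):
    lines = (Path(dest) / MANIFEST).read_text(encoding="utf-8").splitlines()
    return {rel: digest for digest, rel in (l.split("  ", 1) for l in lines)}

def files_to_restore(source, dest):
    """Return relative paths whose live copy is missing or differs from the backup."""
    changed = []
    for rel, digest in load_manifest(dest).items():
        live = Path(source) / rel
        if not live.is_file() or sha256_of(live) != digest:
            changed.append(rel)
    return changed

def restore(source, dest, rels):
    """Copy the listed files from the backup disk back over the live folder."""
    for rel in rels:
        target = Path(source) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(dest) / "data" / rel, target)
```

A file you edited yourself since the backup also shows up as changed, so review the list before restoring over it.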

If you don’t back up your data and you do become infected, then there is still a small chance of recovering your files if you have a feature called Shadow Copies enabled on your computer (see the link to the left to find out how to enable them).

If you aren’t already infected, well done. You should still back up your files and remain ever vigilant when opening new emails that contain attachments or links to sites, even from people you already know.

What’s in it for the criminals?

Well – the Cryptolocker virus that reared its head around October last year has supposedly netted the criminals around £60m from their ransom demands, and even some Police forces have had to pay the ransom to get their data back. Clearly it’s well worth their while writing the virus and setting it loose into the world, and no one is immune from attack.

If 1% of the supposed million-plus computers that are infected pay the ransom demand, then that’s about $3m in the bank. Add to that the amount from bank accounts that get emptied, which presumably will have more than $300 in them: if 5% of 1 million infected computers belong to people with $500 in their account and those accounts get emptied, then we are talking about $125m in income alone.

Copyright Information

Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.

Excerpts and links may be used, provided that full and clear credit is given to Alan Hardisty and "Alan Hardisty's Blog - All Things IT Related" with appropriate and specific direction to the original content.